If you then single quote your s/// expression to protect from shell interpolation
Adding single quotes does not protect from shell interpolation.
That will fail if $hash1 or $hash2 can contain «'», I don't think that's possible, but I don't know for sure.
That's why I use
$s =~ s/'/'\\''/g;
Update: philipbailey has since pointed out that the hash cannot contains quotes. While you can't context text to a shell literal using the second snippet in general, it appears to be safe in this particular circumstance.